From now on, Kubeapps users can include private Docker images in their customized Helm charts and deploy them directly from a private Helm repository. This support is aligned with the Kubernetes RBAC authentication model with private credentials available only in the configured namespace. Users can only add private repositories in those namespaces in which they have the required permissions. Similarly, only those users with access to that namespace have access to deploy the charts with private images.
Kubeapps officially supports the following private Helm repositories:
Chose the option that better suits your team and start deploying custom applications from your private repositories from the Kubeapps user interface.
Kubeapps simplifies the deployment from private registries within the Kubernetes security model
To enable the full support for private repositories, Kubeapps introduced the option of associating Docker credentials to an application repository so that Kubeapps can ensure they are used to pull any matching private images within a chart.
This eliminates the manual configuration you would otherwise need to be able to deploy charts with private Docker images, without which Kubernetes is unable to find Docker images requiring credentials, resulting in a failed deployment.
Without this feature, the user has two options: either create manually an image pull secret in the Kubernetes namespace or ask the cluster operator to make the secret available, and then update the chart values to reference the created secret.
Both situations require that you or the people that will use the application know how to manually add the specific pull secret and reference it in the chart values at deployment time.
Here is where Kubeapps simplify things! How? By associating Docker image pull secrets to an application repository (only available for Helm 3).
From the Kubeapps user interface, create an application repository and after entering the normal URL of the private repository where the app is and basic authentication of the chart:
- Create the credentials for the image pull secret so that Kubernetes can pull the images from the Docker registry.
- Then ensure the newly created image pull secret is selected for the application repository.
This information tells Kubeapps that whenever deploying any chart from this application repository, if an image matching any associated pull secret is referenced in any pod, then Kubeapps will automatically add an image pull secret to that pod.
Watch the following video to learn step-by-step how to create an application repository to deploy a custom application from external private repositories:
Or check out the documentation for private application repositories to learn more.
Deploy the latest Kubeapps release now!